Privacy Policy


This Privacy Policy has been developed in accordance with the provisions of the current Organic Law on Personal Data Protection, as well as Regulation 2016/679 of the European Parliament and of The Council, of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter the GDPR.

This purpose of this Privacy Policy is to make the owners of the personal data aware of specific aspects relating to the processing of their data being gathered, which include the purposes of the processing, the contact data to exercise their rights, the period of retention of the data and security measures, among other aspects.

Data Controller

In terms of Data Protection FUNDACIÓ UNIVERSITARIA BALMES., should be considered the Data Controller, regarding files/processing identified in this policy, specifically in the Data Processing section.

The identifying data of the owner of this web site is indicated below:


Postal address: C/ PEROT ROCAGUINARDA, 17 – 08500 VIC

E-mail address:

Data Processing

The personal data requested, where applicable, shall solely consist of such data that is strictly necessary to identify and address the request made by the owner thereof, hereinafter the interested party. This information will be processed loyally, legally and transparently regarding the interested party. On the other hand, the personal data will be collected for certain explicit and legal purposes, not being used otherwise to said purposes.

The data collected from each interested party will be appropriate, pertinent and not excessive in relation to the corresponding purpose for each case, and will be updated as long as is necessary.

The owner of the data will be informed, prior to the collecting of their data, of the general points regulated in this policy so that they can provide their express, concise and unequivocal consent to the processing of their data, according to the following aspects.

Purposes of the processing.

The explicit purposes for which each processing is carried out are presented in the informative clauses incorporated in each one of the data acquisition channels (web forms, paper forms, verbally or by letter and informative notices).

However, the personal data of the interested party will be processed for the exclusive purpose of providing them with an effective response and addressing the requests put forward by the user, specified together with the option, service, form or data acquisition system that the owner uses.


As a general rule, prior to the processing of personal data, FUNDACIÓ UNIVERSITARIA BALMES, obtains the express and unequivocal consent from the owner thereof through the incorporation of informed consent clauses in the different data acquisition systems.

However, in the case that the consent of the interested party is not required, the legal basis for the processing which covers FUNDACIÓ UNIVERSITARIA BALMES, is the existence of a law or specific regulation that authorises or demands the processing of the data of the interested party.


As a general rule, FUNDACIÓ UNIVERSITARIA BALMES,  does not transfer or communicate the data to third party entities, except if legally required to do so. However, in the case that this were necessary, the interested party would be notified of these data transfers or communications through the informed consent clauses contained in the different personal data acquisition channels.


As a general rule, the personal data is always collected directly from the interested party. However, in certain circumstances, the data can be collected via third parties, entities or services other than the interested party. In this sense, this point will be transferred to the interested party through the informed consent clauses contained in the different data acquisition channels and within a reasonable time frame, once the data is obtained, and within a maximum period of one month.

Retention periods

The data collected from the interested party will be conserved for as long as necessary to fulfil the purpose for which the personal data was collected, so that, once the purpose is fulfilled, the data will be cancelled. This cancellation will give rise to a block on the data, solely conserving it for Public Administration, Judges and Courts, to address possible liabilities arising from the processing, during the prescription period of the same, and having surpassed the mentioned period the data will be destroyed.

Browsing Data.

Regarding browsing data that may be processed via the web site, in case the data subject to regulation is collected, it is recommended to consult the Cookies Policy published on our web site.

Rights of the interested parties.

The regulation on data protection grants a series of rights to the interested parties or owners of the data, users of the web site or users of the social network profiles of FUNDACIÓ UNIVERSITARIA BALMES.

These rights of the interested persons are the following:

  • Right to access: right to obtain information on whether their own data is being subjected to processing, the purpose of the processing that is being carried out, the data categories being processed, the recipients or categories of recipients, the conservation period and the origin of said data.
  • Right to rectification: right to obtain the rectification of inaccurate or incomplete personal data.
  • Right to suppression: right to obtain the suppression of data in the following cases:
    • When the data is no longer necessary for the purpose for which it was collected
    • When the owner of the data withdraws consent
    • When the interested party opposes the processing
    • When it must be suppressed due to a legal requirement
    • When the data has been obtained by virtue of an information society service based on the provisions of art. 8 sec. 1 of the European General Data Protection Regulation.
  • Right to opposition: right to oppose a certain processing based on the consent of the interested party.
  • Right to limitation: right to obtain the limitation of the processing of the data when one of the following cases arises:
    • When the interested party disputes the accuracy of the personal data, during a period that allows the company to verify the accuracy of the same.
    • When the processing is illegal and the interested party opposes the suppression of the data.
    • When the company no longer needs that data for the purposes for which it was collected, but the interested party needs it for the formulation, exercise or defence of claims.
    • When the interested party has opposed the treatment while it is verified whether the legitimate motives of the company prevail over those of the interested party.
  • Right to portability: right to obtain data in a structured, common use and e-reading format, and transmit it to another processing controller when:
    • The processing is based on the consent
    • The processing is carried out by automatic means
  • Right to present a claim to the competent control authority

The interested party may exercise the indicated rights, addressing FUNDACIÓ UNIVERSITARIA BALMES, in writing, to the following address: or  indicating in the Subject field the right that they wish to exercise.

In this sense FUNDACIÓ UNIVERSITARIA BALMES will address their request as quickly as possible and taking into account the periods set out in the regulation on data protection.


The security measures adopted by FUNDACIÓ UNIVERSITARIA BALMES are those required according to the provisions of article 32 of the GDPR. In this sense, FUNDACIÓ UNIVERSITARIA BALMES, taking into account the current state of technology, the costs of application and the nature, scope, context and purposes of the processing, as well as the likelihood and severity risk variables for the rights and freedoms of physical persons, have established the appropriate technical and organisational measures to guarantee the appropriate level of security and existing risk.

In any case, FUNDACIÓ UNIVERSITARIA BALMES has implemented the sufficient mechanisms to:

  1. Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
  2. Recover the availability and the access to the personal data quickly, in case of physical or technical incident.
  3. Regularly verify, assess and evaluate the efficiency of the technical and organisational measures implemented to guarantee the security of the processing.
  4. To pseudonymise and encrypt the personal data, where appropriate.